<html>
<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<head>
<title>Section A.14.&nbsp; Chapter 14</title>
<link rel="STYLESHEET" type="text/css" href="images/style.css">
<link rel="STYLESHEET" type="text/css" href="images/docsafari.css">
</head>
<body>
<br><table width="100%" border="0" cellspacing="0" cellpadding="0"><tr><TD valign="top"><a name="learnphpmysql-APP-A-SECT-14"></a>
<h3 id="title-IDA3GHYH" class="docSection1Title">A.14. Chapter 14</h3>
<dl class="docList">
<dt><br><p><span class="docPubcolor"><span class="docEmphStrong">Solution to Question 14-1</span></span></p></dt>
<dd><p class="docList">The <span class="docEmphasis">.php</span> extension causes the PHP interpreter to process the file instead of displaying its contents. Displaying the contents might reveal useful information for breaching the security of your site, such as passwords or the inner workings of your code.</p></dd>

<dt><br><p><span class="docPubcolor"><span class="docEmphStrong">Solution to Question 14-2</span></span></p></dt>
<dd><p class="docList">The <tt>sha1()</tt> function creates a 160-bit key instead of <tt>md5()</tt>'s 128-bit string. It also uses a superior algorithm for making it difficult to determine the values that generate a particular encoding.</p></dd>

<dt><br><p><span class="docPubcolor"><span class="docEmphStrong">Solution to Question 14-3</span></span></P></dt>
<dd><p class="docList">If a malicious user knows that you're storing the logged-in user's ID in an automatic global variable, it's easy for him to send in his own value for the user ID as a URL parameter. He can then become any user.</p></dd>

<dt><br><P><span class="docPubcolor"><span class="docEmphStrong">Solution to Question 14-4</span></span></P></dt>
<dd><p class="docList">Untrustworthy data, or data that a user can easily manipulate before it is submitted to your program, includes:</p>
<UL>
<li><p class="docList">Data from the <tt>$_GET</tt> global array</p></li>
<li><p class="docList">Data from the <tt>$_POST</tt> global array</p></li>
<li><p class="docList">Cookie data</p></li>
<li><p class="docList">Session data</p></li>
</ul>
</dd>
</dl>
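<p class="docList">An added example, not taken from the book: the situation in Solution 14-3 next to a hardened lookup. <tt>extract()</tt> stands in for automatic global variables, and the function names and sample arrays are constructed for illustration.</p>

```php
<?php
// Vulnerable pattern: the script trusts a plain variable named $user_id.
// extract() imports request parameters as variables, which is the effect
// automatic globals had on every page.
function current_user_vulnerable(array $query): ?int
{
    extract($query);   // ?user_id=1 in the URL creates $user_id = "1"
    return isset($user_id) ? (int) $user_id : null;
}

// Hardened pattern: the identity is read only from the session array that
// the login code filled in, and it is still validated before use.
function current_user_hardened(array $query, array $session): ?int
{
    $id = filter_var(
        $session['user_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    // $query is ignored on purpose: request data never decides who you are.
    return $id === false ? null : $id;
}

// Constructed sample request: nobody is logged in, but the URL carries a
// user_id parameter the application never asked for.
$query   = ['user_id' => '1'];
$session = [];

echo "vulnerable lookup: ";
var_dump(current_user_vulnerable($query));

echo "hardened lookup:   ";
var_dump(current_user_hardened($query, $session));

// Constructed sample request: user 42 is logged in and sends the same URL.
$session = ['user_id' => 42];

echo "hardened lookup (logged in): ";
var_dump(current_user_hardened($query, $session));
```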

</TD></TR></table>
</body></html>
